PT-2024-24490 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda FH1203 version 2.0.1.6 Description: The issue is a stack overflow vulnerability that can be exploited via the PPW parameter in the fromWizardHandle function. Recommendations: For Tenda FH1203 version 2.0.1.6, consider disabling the...
PT-2024-23494 · Jnt Telecom · Jnt Liftcom Ums
Name of the Vulnerable Software and Affected Versions: JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 Description: An issue in the software allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Recommendations: For JNT Telecom JNT Liftcom UMS V1.J...
PT-2024-24065 · Hamid Alinia · Idehweb Login With Phone Number
Name of the Vulnerable Software and Affected Versions: Hamid Alinia - idehweb Login with phone number versions 1.6.93 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Login with phone number feature. This allows an attacker to perform unintended actions on a user's...
PT-2024-27790 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue involves improper neutralisation of Server-Side Includes SSI through Device Synchronizations at the "/admin/DeviceReplication" API endpoint. This could allow a remote user to execute arbitrar...
PT-2024-2865 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to the getWiFiExtenderConfig function, which can allow an attacker to obtain sensitive information without authorization. This can be exploited by a remote attacke...
PT-2024-23055 · Tenda · Tenda Fh1202
Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical issue was found in the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to a stack-based buffer overflow. It is...
PT-2024-22520 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A cross-site scripting XSS issue was found in DedeCMS via the Photo Collection feature. This allows for potential malicious script execution. Recommendations: For DedeCMS version 5.7, as a temporary workaround...
PT-2024-8940 · Abb · S+ Control Api +3
Name of the Vulnerable Software and Affected Versions: Symphony Plus S+ Operations versions 2.0;0 through 2.0 SP6 TC6 Symphony Plus S+ Operations versions 2.1;0 through 2.1 SP2 RU3 Symphony Plus S+ Operations versions 3.0;0 through 3.3 SP1 RU4 Symphony Plus S+ Engineering versions 2.1 through 2.3...
PT-2024-20942 · Public Knowledge · Pkp Ojs
Name of the Vulnerable Software and Affected Versions: Pkp Ojs version 3.3 Description: A cross-site scripting XSS issue in the Production module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...
GHSA-R275-J57C-7MF2 Race condition in Endorsements
Impact A race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than one endorsement. To exploit this vulnerability, the request to set an endorsement must be sent several times in parallel. Workarounds Disable the Endorsement feature in the components...
PT-2024-2170 · Libbiosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 2.5.0 through Master Branch ab0ee111 Description: A use-after-free vulnerability exists in the sopen FAMOS read functionality. This issue can be triggered by a specially crafted .famos file, potentially leading to arbitrary...
PT-2024-20326 · Unknown · Px4-Autopilot
Name of the Vulnerable Software and Affected Versions: PX4 Autopilot versions 1.14 and earlier Description: A Race Condition was discovered in geofence.cpp and mission_feasibility_checker.cpp that allows attackers to send drones on unintended missions. Recommendations: For PX4 Autopilot versions...
PT-2023-32766 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to SQL injection. The exploit has been...
PT-2023-31210 · Tenda · Tenda Ax3
Name of the Vulnerable Software and Affected Versions: Tenda AX3 version 16.03.12.11 Description: A stack overflow issue was discovered via the function set_device_name. Recommendations: For Tenda AX3 version 16.03.12.11, consider disabling the set_device_name function until a patch is available...
PT-2023-31322 · Unknown · Speedycache
Name of the Vulnerable Software and Affected Versions: SpeedyCache – Cache, Optimization, Performance versions n/a through 1.1.2 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability. This type of vulnerability allows an attacker to trick the server into making...
PT-2023-7070 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.7 Splunk Enterprise versions prior to 9.1.2 Description: The issue is related to ineffective escaping in the "Show syntax Highlighted" feature, which can result in the execution of unauthorized code in ...
PT-2023-26053 · Unknown · Uvdesk Community Skeleton
Name of the Vulnerable Software and Affected Versions: UVDesk Community Skeleton version 1.1.1 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. This enables...
PT-2023-28009 · Unknown · Esst Monitoring
Name of the Vulnerable Software and Affected Versions: eSST Monitoring version 2.147.1 Description: A lack of input sanitizing in the file download feature allows attackers to execute a path traversal. Recommendations: For eSST Monitoring version 2.147.1, consider disabling the file download...
CVE-2023-45757
Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. Disable the rpcz feature...